Add Cockpit role #185
Closed
Add Cockpit role #185
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added new role for Cockpit management into the project, including default variables, main installation and service enablement tasks, and template files for configuration and Traefik setup. The defaults specify paths for various configuration files and the main tasks cover installation from backports and service activation. Templates configure Cockpit’s behavior behind a reverse proxy and define routing and load-balancing settings for Traefik, facilitating secure access and streamlining Cockpit integration into the existing infrastructure.
Extended the 'cockpit' role defaults and template to include web domain configuration, DNS settings, and Traefik HTTP routing. Users can now specify custom subdomains, leverage auto SSL with Traefik, and benefit from enhanced routing options.
Introduced a new variable to define the HTTP URL for cockpit and updated the corresponding traffic rule to match on the new HTTP URL. This change ensures correct routing for non-HTTPS traffic.
Streamlined Cockpit deployment by implementing conditional logic to check and stop an existing socket before installation and configuring socket templates for improved flexibility. Web service origin is now dynamic, and redundant references in defaults have been cleaned up. Also commented out an incomplete Traefik template for clarity.
Refactored the Cockpit Ansible role for clearer structure and improved maintainability. Added tasks for directory creation and configuration file setup using templates for the socket, main config, and Traefik service. Also included a step to adjust file ownership contingent upon the environment, excluding continuous integration. The redundant 'cockpit_socket' import task was removed as part of streamlining the role.
Included task to ensure the Cockpit service starts during provisioning, enhancing system management capabilities.
Refactored the Ansible playbook for the Cockpit role to ensure the cockpit service is checked and correctly started if already present. Cleaned up default variable declarations and updated the Traefik configuration template to dynamically use predefined variable values, enhancing flexibility and readability. Removed unnecessary comments and deprecated folder paths to streamline configuration.
Removed hardcoded 'https://' prefix from web URL configuration to support flexible schemes. Added a new task for creating DNS records, ensuring dynamic DNS configuration during deployment.
Updated the Cockpit role to deactivate the Traefik API by default, enhancing security by limiting unnecessary exposure.
Updated the WebService origins configuration to enforce HTTPS, improving the security of Cockpit deployments.
|
ah shoot sorry can someone move this to sandbox? or want me to close and open @ sandbox? |
|
Can't move a PR like that, you'll need to open a new one over there |
|
alrighty thanks owine |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request includes several updates to the Cockpit role, including the addition of essential configs, web, DNS, and Traefik configurations, and improvements to the service and config setup. It also enhances the DNS setup, disables the Cockpit Traefik API by default, and enforces HTTPS in Cockpit origins. GH copilot thought that would be sufficient detail. :p